forget-cancellare-vecchi-toot/app.py

from flask import Flask, request
from flask_sqlalchemy import SQLAlchemy
from sqlalchemy import MetaData, event
from sqlalchemy.engine import Engine
from flask_migrate import Migrate
import version
from lib import cachebust
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
from lib import get_viewer
import os
import mimetypes

app = Flask(__name__)

default_config = {
        "SQLALCHEMY_TRACK_MODIFICATIONS": False,
        "SQLALCHEMY_DATABASE_URI": "postgresql+psycopg2:///forget",
        "SECRET_KEY": "hunter2",
        "CELERY_BROKER": "redis://",
        "HTTPS": True,
        "SENTRY_CONFIG": {},
        "RATELIMIT_STORAGE_URL": "redis://",
        "REPO_URL": "https://github.com/codl/forget",
        "COMMIT_URL": "https://github.com/codl/forget/commits/{hash}",
}

app.config.update(default_config)

app.config.from_pyfile('config.py', True)

metadata = MetaData(naming_convention = {
    "ix": 'ix_%(column_0_label)s',
    "uq": "uq_%(table_name)s_%(column_0_name)s",
    "ck": "ck_%(table_name)s_%(constraint_name)s",
    "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
    "pk": "pk_%(table_name)s"
})

db = SQLAlchemy(app, metadata=metadata)
migrate = Migrate(app, db)

if 'SQLALCHEMY_LOG_QUERIES_TO' in app.config:
    @event.listens_for(Engine, 'after_cursor_execute', named=True)
    def log_queries(statement='', **kwargs):
        with open(app.config['SQLALCHEMY_LOG_QUERIES_TO'], 'a') as f:
            f.write(statement.replace('\n', ' ') + ';\n')
            os.sync()

sentry = None
if 'SENTRY_DSN' in app.config:
    from raven.contrib.flask import Sentry
    app.config['SENTRY_CONFIG']['release'] = version.version
    sentry = Sentry(app, dsn=app.config['SENTRY_DSN'])

url_for = cachebust(app)

@app.context_processor
def inject_static():
    def static(filename, **kwargs):
        return url_for('static', filename=filename, **kwargs)
    return {'st': static}

def rate_limit_key():
    viewer = get_viewer()
    if viewer:
        return viewer.id
    for address in request.access_route:
        if address != '127.0.0.1':
            print(address)
            return address
    return request.remote_addr

limiter = Limiter(app, key_func=rate_limit_key)

@app.after_request
def install_security_headers(resp):
    csp = "default-src 'none'; img-src 'self' https:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
    if 'CSP_REPORT_URI' in app.config:
        csp += "; report-uri " + app.config.get('CSP_REPORT_URI')

    if app.config.get('HTTPS'):
        resp.headers.set('strict-transport-security', 'max-age={}'.format(60*60*24*365))
        csp += "; upgrade-insecure-requests"

    resp.headers.set('Content-Security-Policy', csp)
    resp.headers.set('referrer-policy', 'no-referrer')
    resp.headers.set('x-content-type-options', 'nosniff')
    resp.headers.set('x-frame-options', 'DENY')
    resp.headers.set('x-xss-protection', '1')

    return resp

mimetypes.add_type('image/webp', '.webp')
oops 2017-08-10 17:12:04 +02:00			`from flask import Flask, request`
init 2017-07-25 09:52:24 +02:00			`from flask_sqlalchemy import SQLAlchemy`
secret debug config option to log all queries shh 🙊 2017-08-14 20:19:51 +02:00			`from sqlalchemy import MetaData, event`
			`from sqlalchemy.engine import Engine`
init 2017-07-25 09:52:24 +02:00			`from flask_migrate import Migrate`
add version number 2017-08-07 14:51:33 +02:00			`import version`
add cachebusting for static files 2017-08-07 21:50:31 +02:00			`from lib import cachebust`
add rate limits 2017-08-10 17:07:39 +02:00			`from flask_limiter import Limiter`
			`from flask_limiter.util import get_remote_address`
			`from lib import get_viewer`
secret debug config option to log all queries shh 🙊 2017-08-14 20:19:51 +02:00			`import os`
ensure proper mimetype when serving webp images 2017-08-29 01:29:55 +02:00			`import mimetypes`
init 2017-07-25 09:52:24 +02:00
			`app = Flask(__name__)`

proper config management 2017-07-26 11:11:54 +02:00			`default_config = {`
			`"SQLALCHEMY_TRACK_MODIFICATIONS": False,`
			`"SQLALCHEMY_DATABASE_URI": "postgresql+psycopg2:///forget",`
fuckin idk 2017-07-27 20:20:59 +02:00			`"SECRET_KEY": "hunter2",`
working brotli cache 2017-08-11 19:13:37 +02:00			`"CELERY_BROKER": "redis://",`
computer 2017-08-07 15:06:29 +02:00			`"HTTPS": True,`
also change the default to be redis regardless 2017-08-10 17:22:32 +02:00			`"SENTRY_CONFIG": {},`
			`"RATELIMIT_STORAGE_URL": "redis://",`
shorten footer and link directly to the running commit 2017-08-20 18:48:43 +02:00			`"REPO_URL": "https://github.com/codl/forget",`
footer: link to commits list instead of single commit 2017-08-21 10:56:51 +02:00			`"COMMIT_URL": "https://github.com/codl/forget/commits/{hash}",`
proper config management 2017-07-26 11:11:54 +02:00			`}`

			`app.config.update(default_config)`

			`app.config.from_pyfile('config.py', True)`
stuff. if you see this then i forgot to squash before publishing 2017-07-25 23:05:46 +02:00
init 2017-07-25 09:52:24 +02:00			`metadata = MetaData(naming_convention = {`
			`"ix": 'ix_%(column_0_label)s',`
			`"uq": "uq_%(table_name)s_%(column_0_name)s",`
			`"ck": "ck_%(table_name)s_%(constraint_name)s",`
			`"fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",`
			`"pk": "pk_%(table_name)s"`
			`})`

			`db = SQLAlchemy(app, metadata=metadata)`
			`migrate = Migrate(app, db)`
add sentry support 2017-08-07 13:29:31 +02:00
secret debug config option to log all queries shh 🙊 2017-08-14 20:19:51 +02:00			`if 'SQLALCHEMY_LOG_QUERIES_TO' in app.config:`
			`@event.listens_for(Engine, 'after_cursor_execute', named=True)`
			`def log_queries(statement='', **kwargs):`
			`with open(app.config['SQLALCHEMY_LOG_QUERIES_TO'], 'a') as f:`
			`f.write(statement.replace('\n', ' ') + ';\n')`
			`os.sync()`

add sentry support 2017-08-07 13:29:31 +02:00			`sentry = None`
			`if 'SENTRY_DSN' in app.config:`
			`from raven.contrib.flask import Sentry`
? 2017-08-07 15:09:28 +02:00			`app.config['SENTRY_CONFIG']['release'] = version.version`
augh 2017-08-07 14:59:38 +02:00			`sentry = Sentry(app, dsn=app.config['SENTRY_DSN'])`
simplify header 2017-08-07 21:35:46 +02:00
add cachebusting for static files 2017-08-07 21:50:31 +02:00			`url_for = cachebust(app)`

simplify header 2017-08-07 21:35:46 +02:00			`@app.context_processor`
			`def inject_static():`
			`def static(filename, **kwargs):`
			`return url_for('static', filename=filename, **kwargs)`
			`return {'st': static}`
add rate limits 2017-08-10 17:07:39 +02:00
			`def rate_limit_key():`
			`viewer = get_viewer()`
			`if viewer:`
			`return viewer.id`
			`for address in request.access_route:`
			`if address != '127.0.0.1':`
			`print(address)`
			`return address`
			`return request.remote_addr`

			`limiter = Limiter(app, key_func=rate_limit_key)`
add security headers 2017-08-28 01:47:01 +02:00
			`@app.after_request`
			`def install_security_headers(resp):`
csp: only set upgrade-insecure-requests when over https 2017-08-28 09:12:32 +02:00			`csp = "default-src 'none'; img-src 'self' https:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"`
add security headers 2017-08-28 01:47:01 +02:00			`if 'CSP_REPORT_URI' in app.config:`
			`csp += "; report-uri " + app.config.get('CSP_REPORT_URI')`

			`if app.config.get('HTTPS'):`
fix hsts header 2017-08-28 01:52:22 +02:00			`resp.headers.set('strict-transport-security', 'max-age={}'.format(606024*365))`
csp: only set upgrade-insecure-requests when over https 2017-08-28 09:12:32 +02:00			`csp += "; upgrade-insecure-requests"`
add security headers 2017-08-28 01:47:01 +02:00
csp: only set upgrade-insecure-requests when over https 2017-08-28 09:12:32 +02:00			`resp.headers.set('Content-Security-Policy', csp)`
add security headers 2017-08-28 01:47:01 +02:00			`resp.headers.set('referrer-policy', 'no-referrer')`
			`resp.headers.set('x-content-type-options', 'nosniff')`
			`resp.headers.set('x-frame-options', 'DENY')`
mozilla observatory retire bitch 2017-08-28 01:58:00 +02:00			`resp.headers.set('x-xss-protection', '1')`
add security headers 2017-08-28 01:47:01 +02:00
			`return resp`
ensure proper mimetype when serving webp images 2017-08-29 01:29:55 +02:00
			`mimetypes.add_type('image/webp', '.webp')`